National Vulnerability Database

National Vulnerability Database

National Vulnerability
Database

Search Results (Refine Search)

Search Parameters:
  • Results Type: Overview
  • Keyword (text search): Joomla
  • Search Type: Search All
There are 1,084 matching records.
Displaying matches 341 through 360.
Vuln ID Summary CVSS Severity
CVE-2012-5101

SQL injection vulnerability in the JExtensions JE Poll component before 1.1 for Joomla! allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

Published: September 23, 2012; 01:55:01 PM -04:00
    V2: 7.5 HIGH
CVE-2012-1612

Cross-site scripting (XSS) vulnerability in the update manager in Joomla! 2.5.x before 2.5.4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

Published: September 06, 2012; 05:55:01 PM -04:00
    V2: 4.3 MEDIUM
CVE-2012-1611

Joomla! 2.5.x before 2.5.4 does not properly check permissions, which allows attackers to obtain sensitive "administrative back end" information via unknown attack vectors. NOTE: this might be a duplicate of CVE-2012-1599.

Published: September 06, 2012; 05:55:01 PM -04:00
    V2: 5.0 MEDIUM
CVE-2012-0837

Joomla! 1.7.x before 1.7.5 and 2.5.x before 2.5.1 allows attackers to obtain the installation path via unspecified vectors related to "administrator."

Published: September 06, 2012; 03:55:01 PM -04:00
    V2: 5.0 MEDIUM
CVE-2012-0836

Unspecified vulnerability in Joomla! 1.7.x before 1.7.5 allows attackers to read the error log via unknown vectors.

Published: September 06, 2012; 03:55:01 PM -04:00
    V2: 5.0 MEDIUM
CVE-2012-0835

Unspecified vulnerability in Joomla! 1.7.x before 1.7.5 and 2.5.x before 2.5.1 allows attackers to obtain sensitive information via unknown vectors related to "administrator."

Published: September 06, 2012; 03:55:01 PM -04:00
    V2: 5.0 MEDIUM
CVE-2012-0822

Cross-site scripting (XSS) vulnerability in Joomla! 1.6 and 1.7.x before 1.7.4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2012-0820.

Published: September 06, 2012; 03:55:01 PM -04:00
    V2: 4.3 MEDIUM
CVE-2012-0821

Unspecified vulnerability in Joomla! 1.6.x and 1.7.x before 1.7.4 allows remote attackers to obtain sensitive information via unknown vectors, a different vulnerability than CVE-2012-0819.

Published: September 06, 2012; 03:55:01 PM -04:00
    V2: 5.0 MEDIUM
CVE-2012-0820

Cross-site scripting (XSS) vulnerability in Joomla! 1.6.x and 1.7.x before 1.7.4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2012-0822.

Published: September 06, 2012; 03:55:01 PM -04:00
    V2: 4.3 MEDIUM
CVE-2012-0819

Unspecified vulnerability in Joomla! 1.6.x and 1.7.x before 1.7.4 allows remote attackers to obtain sensitive information via unknown vectors, a different vulnerability than CVE-2012-0821.

Published: September 06, 2012; 03:55:01 PM -04:00
    V2: 5.0 MEDIUM
CVE-2006-7247

SQL injection vulnerability in the Weblinks (com_weblinks) component for Joomla! and Mambo 1.0.9 and earlier allows remote attackers to execute arbitrary SQL commands via the title parameter.

Published: September 06, 2012; 03:55:00 PM -04:00
    V2: 7.5 HIGH
CVE-2012-4868

SQL injection vulnerability in news.php in the Kunena component 1.7.2 for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter.

Published: September 06, 2012; 01:55:01 PM -04:00
    V2: 7.5 HIGH
CVE-2011-5148

Multiple incomplete blacklist vulnerabilities in the Simple File Upload (mod_simplefileuploadv1.3) module before 1.3.5 for Joomla! allow remote attackers to execute arbitrary code by uploading a file with a (1) php5, (2) php6, or (3) double (e.g. .php.jpg) extension, then accessing it via a direct request to the file in images/, as exploited in the wild in January 2012.

Published: August 31, 2012; 05:55:02 PM -04:00
    V2: 6.8 MEDIUM
CVE-2011-5134

Unrestricted file upload vulnerability in editor/extensions/browser/file.php in the JCE component before 2.0.18 for Joomla! allows remote authenticated users with the author privileges to execute arbitrary PHP code by uploading a file with a double extension, as demonstrated by .php.gif. NOTE: some of these details are obtained from third party information.

Published: August 30, 2012; 06:55:04 PM -04:00
    V2: 6.0 MEDIUM
CVE-2011-5113

SQL injection vulnerability in frontend/models/techfoliodetail.php in Techfolio (com_techfolio) component 1.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the catid parameter.

Published: August 23, 2012; 04:55:03 PM -04:00
    V2: 7.5 HIGH
CVE-2011-5112

SQL injection vulnerability in Alameda (com_alameda) component before 1.0.1 for Joomla! allows remote attackers to execute arbitrary SQL commands via the storeid parameter to index.php.

Published: August 23, 2012; 04:55:02 PM -04:00
    V2: 7.5 HIGH
CVE-2011-5099

SQL injection vulnerability in helper/popup.php in the ccNewsletter (mod_ccnewsletter) component 1.0.7 through 1.0.9 for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter.

Published: August 14, 2012; 06:55:01 PM -04:00
    V2: 7.5 HIGH
CVE-2012-4256

The jNews (com_jnews) component 7.5.1 for Joomla! allows remote attackers to obtain sensitive information via the emailsearch parameter, which reveals the installation path in an error message.

Published: August 13, 2012; 02:55:05 PM -04:00
    V2: 5.0 MEDIUM
CVE-2012-4235

The RSGallery2 (com_rsgallery2) component before 3.2.0 for Joomla! 2.5.x does not place index.html files in image directories, which allows remote attackers to list image filenames via a request for a directory URI.

Published: August 10, 2012; 06:34:48 AM -04:00
    V2: 5.0 MEDIUM
CVE-2012-4071

Cross-site scripting (XSS) vulnerability in the comments module in the RSGallery2 (com_rsgallery2) component before 2.3.0 for Joomla! 1.5.x, and before 3.2.0 for Joomla! 2.5.x, allows remote attackers to inject arbitrary web script or HTML via crafted BBCode markup in a comment.

Published: August 10, 2012; 06:34:48 AM -04:00
    V2: 4.3 MEDIUM